Nightw0lf

about the prices is a fix plus number of the prices is a multiplier applied on the prices more clues more easy solution

you probably added some rate config to multiply the sell price, did you apply any patches last days you found on some l2jbrazil forums etc?

upload the core for examination you did something

TK nerd mode on. valid tho. thanks for sharing!

https://updater.denart-designs.com

read more about sql injection in google because login can do harm on your database https://en.wikipedia.org/wiki/SQL_injection use PDO or if you have old PHP $login = mysql_real_escape_string($login); or $login = preg_replace("/[^a-zA-Z]/", "", $login);// this leaves only letters from a to z + capital for numbers a-zA-Z0-9

the answer is no-ip.com make account make a new host then you get something like myserver.ddns.net you put in l2.ini myserver.ddns.net and you run the application DUC of no ip in your computer and you have the same IP address even if your router resets. about the port open enter your router and do it not hard you need only 2106, 7777 ports to test go here canyouseeme.org

nice work thank you for sharing, i think you could work a bit with the design if you want my opinion but still its very good!

did you notice the user info even here is broken http://prntscr.com/p7r9wy

link updated with key

i just hacked it just to show you (what is the reward?) and if(1=1, sleep(10), 5222) have fun

and what if i already found a way to enter you some code but i dont want to share with you because you are smarter?

so if i say no? the whole world also no? this is kids response.

https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html

i already answered 2 times this question

you still dont get it, if i cannot does not mean nobody else cant do it... your thinking is about normal users that will use it for simple reason ok, when the real threat comes go tell the admin sorry i know it but you're fucked now and its too late.

it does not matter if i can but if it can be done in the end. lets talk with facts code needs mysql_connect function of php this requires php max 5.6 while 7, 7.1, 7.2, 7.3, (7,4 soon) mysql_connect function is deprecated and known for sql injection (yes i know you added some prevention on that), what about XSS what about old php (5.6) also PHPMailer needs update because your version has a critical system vulnerability too that is fixed in latest versions and so on, please understand that i dont judge you personally but the system you have is old in all meanings, if i would judge it i would say something like you were boring when you code it 3 functions for emailing for 3 different strings could be done with 1 function sendmail($string)... about the old user thing i just shared something old that only old users might have and it does the work (still not safe still old code and everything)

no offense was meant anyway. well i got the point but its old this means deprecated code and everything that means exploits, also the code dont make me say it again for guys like him is perfect but for live no its not. about making one i did and since i am "old user" i happen to have this in my possession so i shared it its far more simple example

Sample for website WARNING: code is old, its using OLD PHP and deprecated codes everywhere, its not safe it has not even the basic protections, its just shared as sample and/or for testing purposes. if you want real account manager for vanganth files with auto donate payments go here https://shop.denart-designs.com/

question: did you test with gm character? did you try with normal characters?

well main part is done now you need an NPE (null pointer exception) expert you're good at this after all :)

in this case this is the full example /* * Copyright (C) 2004-2015 L2J DataPack * * This file is part of L2J DataPack. * * L2J DataPack is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * L2J DataPack is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see <http://www.gnu.org/licenses/>. */ package handlers.custom; import l2r.Config; import l2r.gameserver.model.actor.instance.L2PcInstance; import l2r.gameserver.model.events.Containers; import l2r.gameserver.model.events.EventType; import l2r.gameserver.model.events.impl.character.player.OnPlayerPvPKill; import l2r.gameserver.model.events.listeners.ConsumerEventListener; import l2r.gameserver.network.SystemMessageId; import l2r.gameserver.network.serverpackets.SystemMessage; import l2r.gameserver.util.Broadcast; public class CustomAnnouncePkPvP { public CustomAnnouncePkPvP() { if (Config.ANNOUNCE_PK_PVP) { Containers.Players().addListener(new ConsumerEventListener(Containers.Players(), EventType.ON_PLAYER_PVP_KILL, (OnPlayerPvPKill event) -> OnPlayerPvPKill(event), this)); } } /** * @param event * @return */ public Object onPlayerPvPKill(OnPlayerPvPKill event) { final L2PcInstance activeChar = event.getActiveChar(); if (!activeChar.isGM()) { final String msg = MapRegionManager.getInstance().getMapRegion(activeChar).getName() + ": " + (activeChar.getKarma() > 0 ? Config.ANNOUNCE_PK_MSG : Config.ANNOUNCE_PVP_MSG).replace("$killer", activeChar.getName()).replace("$target", event.getTarget().getName()); if (Config.ANNOUNCE_PK_PVP_NORMAL_MESSAGE) { Broadcast.toAllOnlinePlayers(SystemMessage.getSystemMessage(SystemMessageId.S1).addString(msg)); } else { Broadcast.toAllOnlinePlayers(msg, false); } } return null; } } checkout the imports and see if the classes exist try to compile then see for compilation errors

listen he made you an example of the function you dont replace everything :D how experienced are you on this field?